1. Field of the Invention
The present invention generally relates to file access control systems for controlling access to a plurality of databases for a large number of users and, more particularly, to enhancements therefor to provide reduction in user burden in obtaining access to shared resources, containment of password proliferation and reduction of administrator burden in implementing and updating access authorizations, particularly when databases are added or removed.
2. Description of the Prior Art
Modern computer systems are well-suited to the storage of vast amounts of data and numbers of program applications which may, for convenience of maintenance and interactive search and use, be organized into large numbers of databases. Networking of computers allows very large numbers of users, who may be distributed over a wide geographic area, to obtain or interact with such data or applications. In such systems, security in the form of control of access to data and program files is necessary to maintain file integrity and to limit provision of confidential, sensitive or proprietary data to unauthorized persons, as well as to avoid concurrent access by users with authorization to alter a file, which could result in loss of data by overwriting a modified file with another differently modified file. It is also necessary to authenticate the identity of a person seeking access to files.
Accordingly, it is common practice to register users of a system together with a unique password to authenticate the identity of the user of the secure network or secure web server system in association with a list of system resources (e.g. files, applications, hardware such as printers and scanners and the like) to which the user, once authenticated, may be granted access. The access of the user to a particular resource must generally be implemented by an administrator.
Once an access authorization is implemented, the resource must generally be separately accessed by the user using a password for the individual resource, thus engendering inconvenience for the user due to the separate operation required to obtain access and, when many resources are available, the need to maintain a password for each resource. (Doing so often undermines resource security when a user must maintain a written record of current passwords.) It is also customary to associate with each authorized user a resolution mode, which may correspond to various levels of security of data or applications in accessible files or databases and/or a mode of interaction therewith (e.g. read only or read/write) for each accessible file or database.
These user authorizations for access to portions of a shared resource can, in theory, be unique to each user and, while in practice many users may have identical groups or combinations of authorizations, unique authorizations must be accommodated. It can be readily appreciated that as shared resources become large, having hundreds or thousands of databases, each having many hundreds or thousands of files, and user populations become large, the burden on an administrator to implement and manage access authorizations, particularly when databases are removed, added or substituted, becomes great. In general, a new user authorization for access to, for example, fifty databases within a larger group of databases within the system will require fifty separate authorizations to be implemented by the administrator, generally by editing of individual entries in a master list of authorizations. Conversely, when a database is added, removed or substituted within a shared resource having, for example, two thousand users, half of which are authorized to access the database, one thousand individual changes in the master authorization list will be required (if not twice that number when one database is substituted for another). Changes in passwords, which are often required periodically from the user or issued by a background routine to avoid compromise of security, may involve thousands or millions of individual editing operations on the master authorization list if not automated in the system or individual applications.
This process of editing entries in an extensive master list is subject to error and time-consuming, often denying access to authorized users for an extended period of time (or, conversely, permitting access for an extended period of time after a desired termination of access authorization) while the changes are implemented. Errors from failure to delete obsolete access authorizations tend to accumulate over time and compromise security of the system.
The extent to which such changes to the master list of authorizations can be automated has been limited, largely due to the need to accommodate unique authorizations, alluded to above, that may involve any combination of databases available through the secure web server. For example, in a system of modest size having fifty databases and two thousand users, the number of possible combinations of authorizations potentially forming unique accesses numbers over one million one hundred thousand.
One particularly successful system for reducing administrator and user burdens is disclosed in U.S. Pat. No. 5,627,967 to Dauerer et al, assigned to the assignee of the present invention and hereby fully incorporated by reference. In the system disclosed therein, desired changes may be indicated in a file generated by a simple word processor. A processed master list in text form is generated from the master list of existing accesses granted for the network.
Invalid and duplicate access authorizations (often referred to simply as “accesses”) may then be detected and removed by rapidly executed word processor functions and the editing of the processed master list facilitated with other word processor functions. Administrator commands may then be automatically generated from the edited text to update the master list of the system. Administrator operations are further facilitated by grouping authorizations for accesses to a plurality of resources under an “alias” so that the administrator can use the alias as a single notation corresponding to a plurality of resources and the individual administrator commands for each resource then generated from the alias.
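The following is an added illustration, not code from the patent or the cited Dauerer system, of the master-list operations described above: expanding alias entries into per-resource accesses, detecting invalid and duplicate accesses, and generating administrator commands when a database is added to or retired from the system. The resource names, aliases, users and the GRANT/REVOKE command syntax are constructed stand-ins.

```python
from typing import Dict, Iterable, List, Set, Tuple

Access = Tuple[str, str, str]  # (user, resource, mode)

# Constructed sample data: resources currently in the system and two aliases
# that each stand for several resources.
RESOURCES: Set[str] = {"DB1", "DB2", "DB3", "DB4"}
ALIASES: Dict[str, List[str]] = {"FINANCE": ["DB1", "DB2"], "HR": ["DB3"]}

# Constructed master list of (user, alias-or-resource, mode). It deliberately
# holds one duplicate, one entry for a removed database (DB9) and one direct
# grant that an alias already covers.
MASTER: List[Access] = [
    ("alice", "FINANCE", "RW"),
    ("bob", "FINANCE", "R"),
    ("bob", "DB3", "RW"),
    ("bob", "DB3", "RW"),
    ("carol", "DB9", "R"),
    ("alice", "DB1", "RW"),
]

def expand(entry: Access, aliases: Dict[str, List[str]]) -> Iterable[Access]:
    """Turn one master-list entry into the per-resource accesses it stands for."""
    user, target, mode = entry
    for res in aliases.get(target, [target]):
        yield (user, res, mode)

def audit(master, resources, aliases):
    """Split the expanded list into valid, duplicate and invalid accesses.
    A second entry for the same (user, resource) is a duplicate whatever its
    mode; an entry naming a resource the system no longer has is invalid."""
    seen: Set[Tuple[str, str]] = set()
    valid, dups, invalid = [], [], []
    for entry in master:
        for acc in expand(entry, aliases):
            user, res, _ = acc
            if res not in resources:
                invalid.append(acc)
            elif (user, res) in seen:
                dups.append(acc)
            else:
                seen.add((user, res))
                valid.append(acc)
    return valid, dups, invalid

def add_database_to_alias(master, alias, new_db):
    """Commands produced when new_db joins an alias: one GRANT per user holding
    the alias, derived from the list instead of hand-edited entries."""
    return [f"GRANT {mode} ON {new_db} TO {user}"
            for user, target, mode in master if target == alias]

def retire_database(master, aliases, old_db):
    """REVOKE commands for every user whose direct or alias entry reaches old_db."""
    return sorted({f"REVOKE {mode} ON {old_db} FROM {user}"
                   for e in master for user, res, mode in expand(e, aliases)
                   if res == old_db})
```

Running `audit(MASTER, RESOURCES, ALIASES)` on the constructed list yields five valid accesses, two duplicates and one invalid entry, and the alias functions emit one command per affected user rather than one edit per resource.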
However, while this system facilitates administrator operations and removal of obsolete or duplicated access authorizations, neither it nor other known systems significantly reduce the overall complexity of administration of access authorizations as secure web systems become large in terms of number of resources, number of users or both. Further, the number of resources to which access authorizations pertain may be greatly increased by division of such resources in order to provide different levels of security for different portions thereof. Additionally, there has been much recent development in the technology of database architecture and management techniques as well as a trend toward archival documentation of database content; both tending to increase the number of substitutions of databases and correspondingly increased numbers of access authorization changes on large systems.